Audits
All changes made to the data in the software are audited and the audit log is maintained in the database.
Two types of auditing records are maintained:
1. Every record in every table of the database maintains six items of information: created by, created date and time, updated by, updated date and time, deleted by and deleted date and time. Please note that deletions made within the software are not deleted from the database, but are marked as "deleted." Known as a “soft delete,” the software treats the "deleted" records as if they do not exist, except for auditing purposes. Maintaining the created, updated and deleted fields satisfies the majority of auditing requirements.
2. An audit log maintained in a separate database table maintains:
- The creation, update and deletion information
- A record of each field value as it is updated
- A record of the previous value before the update
- The computer date and time
- The database server's date and time
- The computer name
- The logged on user
This log is necessary for review when there is a dispute related to who updated what specific field in a record. This log can become rather large over time and does require periodic purging to a text file.
The system makes the majority of changes to the data as it gets the punches from the time clock, creates the punch information and schedules, and then applies the punches to calculate the time cards, hours and exceptions. It is not practical to maintain an audit log of every change made in this process, because the database would grow to an excessive size within a few days.
The majority of the audit information that is maintained is through the actions of the users of the software, as they perform the following types of actions:
- Logging In
- Logging Out
- Adding or editing employees
- Adding, editing or deleting punches, hours, schedules and placeholders
- Adding or editing the configuration items, e.g. Pay Rules, Base Schedules
